+Vithursa Mahendrarajah <vithu...@wso2.com>
On Mon, Aug 12, 2019 at 5:26 PM Sanjeewa Malalgoda <sanje...@wso2.com>
wrote:
>
>
> On Thu, Aug 8, 2019 at 9:08 PM Malintha Amarasinghe <malint...@wso2.com>
> wrote:
>
>> When we return a 404, it implies that the URL (or the resource) does not
>> exist. Here the URL/resource is */validate-role *(a controller resource)
>> which always exists so it is wrong to return a 404 at any case.
>>
> Yes agree with this and controller resource(as query params optional
> controller resource will be resource) is not ideal for this.
> Using head would be good option. Like nirmal mentioned any additional
> parameters related to filter criteria can be passed as query parameters.
>
> Thanks,
> sanjeewa/
>
>>
>> Thanks!
>>
>> On Thu, Aug 8, 2019 at 7:12 PM Menaka Jayawardena <men...@wso2.com>
>> wrote:
>>
>>> Hi Naduni,
>>>
>>> Wh the GET request always returns 200?
>>> Can't we set the status code 404 if the role is not found? So we can
>>> check the response status from the UI. We do not want to read the body then.
>>>
>>>
>>>
>>> On Thu, Aug 8, 2019 at 6:05 PM Naduni Pamudika <nad...@wso2.com> wrote:
>>>
>>>> Hi All,
>>>>
>>>> Thanks all for the suggestions. With the GET method @Bhathiya
>>>> Jayasekara <bhath...@wso2.com> suggested, we have the following 2
>>>> options now.
>>>>
>>>> 1. *HEAD /roles/{roleName}*
>>>> 2. *GET /validate-role?role=rolename*
>>>>
>>>>
>>>> If we go with the option 1, it will simplify the work in the UI side
>>>> while doing the role validations by using the Rest API since we can do the
>>>> validation by looking at the status code (If the role exists it is a 200
>>>> and if not it is a 404). If we go with the option 2, it will always return
>>>> a 200 status code and we need to check the response body to validate a
>>>> particular role name (We can send *isRoleExist=true* and
>>>> *isRoleExist=false* in the response body depending on the existence of
>>>> a role name).
>>>>
>>>> Since most of us are +1 with the option 2, shall we move forward with
>>>> the GET method?
>>>>
>>>> Thanks,
>>>> Naduni
>>>>
>>>> On Wed, Aug 7, 2019 at 7:27 PM Bhathiya Jayasekara <bhath...@wso2.com>
>>>> wrote:
>>>>
>>>>>
>>>>>
>>>>> On Wed, Aug 7, 2019 at 6:24 PM Malintha Amarasinghe <
>>>>> malint...@wso2.com> wrote:
>>>>>
>>>>>>
>>>>>>
>>>>>> On Wed, Aug 7, 2019 at 3:39 PM Harsha Kumara <hars...@wso2.com>
>>>>>> wrote:
>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Wed, Aug 7, 2019 at 3:37 PM Malintha Amarasinghe <
>>>>>>> malint...@wso2.com> wrote:
>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Wed, Aug 7, 2019 at 3:35 PM Harsha Kumara <hars...@wso2.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> Let's say if someone wants to check existence of role foo in user
>>>>>>>>> store TEST. He will do a call /roke/TEST/foo which isn't valid request
>>>>>>>>> right?
>>>>>>>>>
>>>>>>>> @Harsha Kumara <hars...@wso2.com> we need to URL encode the role
>>>>>>>> name. The request will become /roles/TEST%2Ffoo
>>>>>>>>
>>>>>>> Yes that's true. Again some customers might have different letters
>>>>>>> in their role names. Might note be a good idea to include as a path
>>>>>>> parameter.
>>>>>>>
>>>>>> Even if we add as a query param, that will go as part of the URL
>>>>>> which might lead to similar issues? We may need to test this for query
>>>>>> parameters as well.
>>>>>>
>>>>>> I preferred the HEAD method due to the simpleness ( only need to
>>>>>> respond with 204 or 404 without any payload based on the availability of
>>>>>> the role) and RESTfulness (consider a role as a resource and do a fetch
>>>>>> on
>>>>>> it in the usual way). HEAD is the usual way for checking the existence
>>>>>> of a
>>>>>> resource. However, we do not have the need for implementing a GET here
>>>>>> for
>>>>>> now.
>>>>>>
>>>>>
>>>>> This is actually my worry is. I don't think we'll ever have to give a
>>>>> /roles/{role} in the publisher APIs. So having a HEAD without a GET feels
>>>>> strange to me. Maybe it's just me.
>>>>>
>>>>> Thanks,
>>>>> Bhathiya
>>>>>
>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Wed, Aug 7, 2019 at 3:33 PM Mushthaq Rumy <musht...@wso2.com>
>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>>> Adding [Architecture]
>>>>>>>>>>
>>>>>>>>>> On Wed, Aug 7, 2019 at 3:30 PM Mushthaq Rumy <musht...@wso2.com>
>>>>>>>>>> wrote:
>>>>>>>>>>
>>>>>>>>>>> Since we will be UserStoreManager, this should cover the
>>>>>>>>>>> secondary user stores as well.
>>>>>>>>>>>
>>>>>>>>>>> Thanks & Regards,
>>>>>>>>>>> Mushthaq
>>>>>>>>>>>
>>>>>>>>>>> On Wed, Aug 7, 2019 at 3:28 PM Harsha Kumara <hars...@wso2.com>
>>>>>>>>>>> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> What happen if the role is from secondary user store?
>>>>>>>>>>>>
>>>>>>>>>>>> On Wed, Aug 7, 2019 at 3:24 PM Naduni Pamudika <nad...@wso2.com>
>>>>>>>>>>>> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> Hi All,
>>>>>>>>>>>>>
>>>>>>>>>>>>> We are planning to add a REST API endpoint to APIM 3.0
>>>>>>>>>>>>> Publisher Rest APIs and the intention is to check the existence
>>>>>>>>>>>>> of a
>>>>>>>>>>>>> particular role name. This will be used in order to manage roles
>>>>>>>>>>>>> when
>>>>>>>>>>>>> enabling Publisher Access Control and Store Visibility and when
>>>>>>>>>>>>> adding
>>>>>>>>>>>>> Scopes.
>>>>>>>>>>>>>
>>>>>>>>>>>>> The swagger definition for the new endpoint would be as
>>>>>>>>>>>>> follows.
>>>>>>>>>>>>>
>>>>>>>>>>>>> ######################################################
>>>>>>>>>>>>> # The Role Name Existence
>>>>>>>>>>>>> ######################################################
>>>>>>>>>>>>> /roles/{roleName}:
>>>>>>>>>>>>> #-----------------------------------------------------
>>>>>>>>>>>>> # The role name existence check resource
>>>>>>>>>>>>> #-----------------------------------------------------
>>>>>>>>>>>>> head:
>>>>>>>>>>>>> security:
>>>>>>>>>>>>> - OAuth2Security:
>>>>>>>>>>>>> - apim:api_view
>>>>>>>>>>>>> summary: |
>>>>>>>>>>>>> Check given role name is already exist
>>>>>>>>>>>>> description: |
>>>>>>>>>>>>> Using this operation, you can check a given role
>>>>>>>>>>>>> name is already used. You need to provide the role name you want
>>>>>>>>>>>>> to check.
>>>>>>>>>>>>> parameters:
>>>>>>>>>>>>> - $ref : '#/parameters/roleName'
>>>>>>>>>>>>> responses:
>>>>>>>>>>>>> 200:
>>>>>>>>>>>>> description: |
>>>>>>>>>>>>> OK.
>>>>>>>>>>>>> Requested role name is returned.
>>>>>>>>>>>>> 404:
>>>>>>>>>>>>> description: |
>>>>>>>>>>>>> Not Found.
>>>>>>>>>>>>> Requested role name does not exist.
>>>>>>>>>>>>> ######################################################
>>>>>>>>>>>>> # Role Name
>>>>>>>>>>>>> roleName:
>>>>>>>>>>>>> name: roleName
>>>>>>>>>>>>> in: path
>>>>>>>>>>>>> description: |
>>>>>>>>>>>>> The role name
>>>>>>>>>>>>> required: true
>>>>>>>>>>>>> type: string
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> It is a HEAD method (*/roles/{roleName}*) which will return a
>>>>>>>>>>>>> 200 status code if the given role name exists and a 404 status
>>>>>>>>>>>>> code if the
>>>>>>>>>>>>> give role name is not found. Sample requests and responses are
>>>>>>>>>>>>> given below.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Request:
>>>>>>>>>>>>> HEAD
>>>>>>>>>>>>> https://localhost:9443/api/am/publisher/v1.0/roles/valid-role
>>>>>>>>>>>>> HTTP/1.1
>>>>>>>>>>>>> Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8
>>>>>>>>>>>>>
>>>>>>>>>>>>> Response:
>>>>>>>>>>>>> HTTP/1.1 200 OK
>>>>>>>>>>>>> Connection: keep-alive
>>>>>>>>>>>>> Content-Length: 0
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> Request:
>>>>>>>>>>>>> HEAD
>>>>>>>>>>>>> https://localhost:9443/api/am/publisher/v1.0/roles/invalid-role
>>>>>>>>>>>>> HTTP/1.1
>>>>>>>>>>>>> Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8
>>>>>>>>>>>>>
>>>>>>>>>>>>> Response:
>>>>>>>>>>>>> HTTP/1.1 404 Not Found
>>>>>>>>>>>>> Connection: keep-alive
>>>>>>>>>>>>> Content-Length: 0
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> Are we good to have the endpoint definition as this?
>>>>>>>>>>>>> Appreciate your inputs to proceed further.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>> Naduni
>>>>>>>>>>>>>
>>>>>>>>>>>>> --
>>>>>>>>>>>>> *Naduni Pamudika* | Senior Software Engineer | WSO2 Inc.
>>>>>>>>>>>>> (m) +94 (71) 9143658 | (w) +94 (11) 2145345 | (e)
>>>>>>>>>>>>> nad...@wso2.com
>>>>>>>>>>>>> [image: http://wso2.com/signature] <http://wso2.com/signature>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> --
>>>>>>>>>>>>
>>>>>>>>>>>> *Harsha Kumara*
>>>>>>>>>>>>
>>>>>>>>>>>> Technical Lead, WSO2 Inc.
>>>>>>>>>>>> Mobile: +94775505618
>>>>>>>>>>>> Email: hars...@wso2.coim
>>>>>>>>>>>> Blog: harshcreationz.blogspot.com
>>>>>>>>>>>>
>>>>>>>>>>>> GET INTEGRATION AGILE
>>>>>>>>>>>> Integration Agility for Digitally Driven Business
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> Mushthaq Rumy
>>>>>>>>>>> *Senior Software Engineer*
>>>>>>>>>>> Mobile : +94 (0) 779 492140
>>>>>>>>>>> Email : musht...@wso2.com
>>>>>>>>>>> WSO2, Inc.; http://wso2.com/
>>>>>>>>>>> lean . enterprise . middleware.
>>>>>>>>>>>
>>>>>>>>>>> <http://wso2.com/signature>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Mushthaq Rumy
>>>>>>>>>> *Senior Software Engineer*
>>>>>>>>>> Mobile : +94 (0) 779 492140
>>>>>>>>>> Email : musht...@wso2.com
>>>>>>>>>> WSO2, Inc.; http://wso2.com/
>>>>>>>>>> lean . enterprise . middleware.
>>>>>>>>>>
>>>>>>>>>> <http://wso2.com/signature>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>>
>>>>>>>>> *Harsha Kumara*
>>>>>>>>>
>>>>>>>>> Technical Lead, WSO2 Inc.
>>>>>>>>> Mobile: +94775505618
>>>>>>>>> Email: hars...@wso2.coim
>>>>>>>>> Blog: harshcreationz.blogspot.com
>>>>>>>>>
>>>>>>>>> GET INTEGRATION AGILE
>>>>>>>>> Integration Agility for Digitally Driven Business
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Malintha Amarasinghe
>>>>>>>> *WSO2, Inc. - lean | enterprise | middleware*
>>>>>>>> http://wso2.com/
>>>>>>>>
>>>>>>>> Mobile : +94 712383306
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>>
>>>>>>> *Harsha Kumara*
>>>>>>>
>>>>>>> Technical Lead, WSO2 Inc.
>>>>>>> Mobile: +94775505618
>>>>>>> Email: hars...@wso2.coim
>>>>>>> Blog: harshcreationz.blogspot.com
>>>>>>>
>>>>>>> GET INTEGRATION AGILE
>>>>>>> Integration Agility for Digitally Driven Business
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Malintha Amarasinghe
>>>>>> *WSO2, Inc. - lean | enterprise | middleware*
>>>>>> http://wso2.com/
>>>>>>
>>>>>> Mobile : +94 712383306
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> *Bhathiya Jayasekara* | Technical Lead | WSO2 Inc.
>>>>> (m) +94 71 547 8185 | (e) bhathiya-@t-wso2-d0t-com
>>>>>
>>>>>
>>>>>
>>>>
>>>> --
>>>> *Naduni Pamudika* | Senior Software Engineer | WSO2 Inc.
>>>> (m) +94 (71) 9143658 | (w) +94 (11) 2145345 | (e) nad...@wso2.com
>>>> [image: http://wso2.com/signature] <http://wso2.com/signature>
>>>>
>>>>
>>>
>>> --
>>>
>>> *Menaka Jayawardena*
>>> Senior Software Engineer | WSO2 Inc.
>>> +94 71 350 5470 | +94 76 717 2511 | men...@wso2.com
>>>
>>> <https://wso2.com/signature>
>>>
>>>
>>
>> --
>> Malintha Amarasinghe
>> *WSO2, Inc. - lean | enterprise | middleware*
>> http://wso2.com/
>>
>> Mobile : +94 712383306
>>
>
>
> --
> *Sanjeewa Malalgoda*
> Software Architect | Associate Director, Engineering - WSO2 Inc.
> (m) +94 712933253 | (e) sanje...@wso2.com | (b) Blogger
> <http://sanjeewamalalgoda.blogspot.com>, Medium
> <https://medium.com/@sanjeewa190>
>
> GET INTEGRATION AGILE <https://wso2.com/signature>
> Integration Agility for Digitally Driven Business
>
--
*Naduni Pamudika* | Senior Software Engineer | WSO2 Inc.
(m) +94 (71) 9143658 | (w) +94 (11) 2145345 | (e) nad...@wso2.com
[image: http://wso2.com/signature] <http://wso2.com/signature>
_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
